ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
class.ilAuthBase.php
1<?php
2/*
3 +-----------------------------------------------------------------------------+
4 | ILIAS open source |
5 +-----------------------------------------------------------------------------+
6 | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7 | |
8 | This program is free software; you can redistribute it and/or |
9 | modify it under the terms of the GNU General Public License |
10 | as published by the Free Software Foundation; either version 2 |
11 | of the License, or (at your option) any later version. |
12 | |
13 | This program is distributed in the hope that it will be useful, |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | GNU General Public License for more details. |
17 | |
18 | You should have received a copy of the GNU General Public License |
19 | along with this program; if not, write to the Free Software |
20 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21 +-----------------------------------------------------------------------------+
22*/
23
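/**
 * @classDescription Base class for all PEAR and ILIAS auth classes.
 *
 * Registers the login / failed-login / check-auth / logout callbacks and runs
 * the account checks that follow a login accepted by the container: active
 * flag, time limit, client IP restriction and simultaneous-login prevention.
 *
 * The class uses members it does not declare ($storage, $status,
 * $enableLogging) and calls setLoginCallback(), setFailedLoginCallback(),
 * setCheckAuthCallback(), setLogoutCallback(), attachLogObserver() and
 * getUserName(). Their origin is not visible in this file; they have to be
 * supplied by the concrete auth class.
 *
 * NOTE(review): this class was recovered from a rendered source listing that
 * dropped several lines. Statements tagged "restored" were re-inserted from
 * the listing's cross-reference entries and from the dangling code around
 * them. Verify each one against the repository before relying on it.
 */
abstract class ilAuthBase
{
    // Used for SOAP Auth
    // TODO: Find another solution
    protected $sub_status = null;

    // restored: the declaration is not in the listing; the property is written
    // in loginObserver() and read through getExceededUserName().
    protected $exceeded_user_name;

    /**
     * Get sub status.
     *
     * @return mixed value last passed to setSubStatus(), null by default
     */
    public function getSubStatus()
    {
        return $this->sub_status;
    }

    /**
     * Set sub status.
     *
     * @param mixed $a_sub_status stored as-is, no validation
     */
    public function setSubStatus($a_sub_status)
    {
        $this->sub_status = $a_sub_status;
    }

    /**
     * Returns true, if the current auth mode allows redirects to e.g. the
     * login screen or the public section.
     *
     * @return bool always true in this base implementation
     */
    public function supportsRedirects()
    {
        return true;
    }

    /**
     * Get container object.
     *
     * @return mixed the object held in $this->storage
     */
    final public function getContainer()
    {
        return $this->storage;
    }

    /**
     * Init auth object: enable logging, set callbacks, attach the log observer.
     */
    final protected function initAuth()
    {
        $this->enableLogging = true;

        if ($this->enableLogging) {
            ilLoggerFactory::getLogger('auth')->debug('Init callbacks');
        }

        // The observers are protected, so the callbacks only resolve when
        // they are invoked from inside the class hierarchy.
        $this->setLoginCallback([$this, 'loginObserver']);
        $this->setFailedLoginCallback([$this, 'failedLoginObserver']);
        $this->setCheckAuthCallback([$this, 'checkAuthObserver']);
        $this->setLogoutCallback([$this, 'logoutObserver']);

        include_once('Services/Authentication/classes/class.ilAuthLogObserver.php');
        $this->attachLogObserver(new ilAuthLogObserver(AUTH_LOG_DEBUG));
    }

    /**
     * Called after successful login.
     *
     * Runs only when the container's own loginObserver() accepts the login.
     * For every account except the anonymous one the checks below run in
     * priority order. The first failing check sets $this->status, logs the
     * session out through $a_auth and returns, so later checks and the
     * 'afterLogin' event are skipped.
     *
     * @param string $a_username login name handed over by the caller
     * @param object $a_auth     auth object; getUsername() and logout() are called on it
     */
    protected function loginObserver($a_username, $a_auth)
    {
        global $DIC;

        // $ilLog is not used below; the lookup is kept in case it has side effects.
        $ilLog = $DIC['ilLog'];
        $ilAppEventHandler = $DIC['ilAppEventHandler'];
        $ilSetting = $DIC['ilSetting'];

        if ($this->getContainer()->loginObserver($a_username, $a_auth)) {
            // validate user
            include_once "Services/User/classes/class.ilObjUser.php";
            $user_id = ilObjUser::_loginExists($a_auth->getUsername());
            if ($user_id != ANONYMOUS_USER_ID) {
                $user = new ilObjUser($user_id);

                // check if profile is complete
                include_once "Services/User/classes/class.ilUserProfile.php";
                if (ilUserProfile::isProfileIncomplete($user)) { // restored
                    $user->setProfileIncomplete(true);
                    $user->update();
                }

                // --- extended user validation
                //
                // we only have a single status, so abort after each one
                // order from highest priority to lowest

                // active?
                if (!$user->getActive()) {
                    $this->status = AUTH_USER_INACTIVE;
                    $a_auth->logout();
                    return;
                }

                // time limit
                if (!$user->checkTimeLimit()) {
                    $this->status = AUTH_USER_TIME_LIMIT_EXCEEDED;
                    // #16327
                    $this->exceeded_user_name = $this->getUserName();
                    $a_auth->logout();
                    return;
                }

                // check client ip
                // The stored rule is a comma-separated list of addresses in
                // which "?" stands for one digit and "*" for any run of digits.
                $clientip = $user->getClientIP();
                if (trim($clientip) != "") {
                    // Keep only digits and the rule metacharacters, then
                    // translate the rule into a regular expression.
                    $clientip = preg_replace("/[^0-9.?*,:]+/", "", $clientip);
                    $clientip = str_replace(".", "\\.", $clientip);
                    $clientip = str_replace(["?", "*", ","], ["[0-9]", "[0-9]*", "|"], $clientip);

                    // The alternatives must be grouped. Without the group
                    // "^" binds only to the first entry and "$" only to the
                    // last, so "a,b" would admit any address that merely
                    // starts with a or ends with b.
                    if (!preg_match("/^(?:" . $clientip . ")$/", $_SERVER["REMOTE_ADDR"])) {
                        $this->status = AUTH_USER_WRONG_IP;
                        $a_auth->logout();
                        return;
                    }
                }

                // simultaneous login
                if ($ilSetting->get('ps_prevent_simultaneous_logins') &&
                    ilObjUser::hasActiveSession($user_id)) {
                    $this->status = AUTH_USER_SIMULTANEOUS_LOGIN;
                    $a_auth->logout();
                    return;
                }

                include_once 'Services/Tracking/classes/class.ilOnlineTracking.php';
                ilOnlineTracking::addUser($user_id);

                include_once 'Modules/Forum/classes/class.ilObjForum.php';
                ilObjForum::_updateOldAccess($user_id); // restored

                require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
                $security_settings = ilSecuritySettings::_getInstance();

                // determine first login of user for setting an indicator
                // which still is available in PersonalDesktop, Repository, ...
                // (last login date is set to current date in next step)
                if ($security_settings->isPasswordChangeOnFirstLoginEnabled() &&
                    $user->getLastLogin() == null
                ) {
                    $user->resetLastPasswordChange();
                }

                $user->refreshLogin();

                // reset counter for failed logins
                ilObjUser::_resetLoginAttempts($user_id); // restored
            }

            // --- anonymous/registered user
            ilLoggerFactory::getLogger('auth')->info(
                'logged in as ' . $a_auth->getUsername() .
                ', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] .
                ', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']
            );

            ilSessionControl::handleLoginEvent($a_auth->getUsername(), $a_auth);

            $ilAppEventHandler->raise(
                'Services/Authentication',
                'afterLogin',
                ['username' => $a_auth->getUsername()]
            );
        }
    }

    /**
     * Called after failed login.
     *
     * Logs the attempt, counts it against the account when the name resolves
     * to a non-anonymous user, deactivates that account once the configured
     * maximum is reached, then delegates to the container.
     *
     * @param string $a_username name submitted with the failed attempt
     * @param object $a_auth     auth object, passed through to the container
     * @return mixed result of the container's failedLoginObserver()
     */
    protected function failedLoginObserver($a_username, $a_auth)
    {
        global $DIC;

        // Not used below; the lookup is kept in case it has side effects.
        $ilLog = $DIC['ilLog'];

        // NOTE(review): $a_username is written to the log unmodified. Whether
        // the logger neutralises line breaks and control characters is not
        // visible here; confirm, or strip them before logging, so that a
        // submitted name cannot forge extra log entries.
        ilLoggerFactory::getLogger('auth')->info(
            ': login failed for user ' . $a_username .
            ', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] .
            ', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']
        );

        if ($a_username) {
            $usr_id = ilObjUser::_lookupId($a_username);
            if (!in_array($usr_id, [ANONYMOUS_USER_ID])) {
                ilObjUser::_incrementLoginAttempts($usr_id); // restored
                $login_attempts = ilObjUser::_getLoginAttempts($usr_id);

                require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
                $security = ilSecuritySettings::_getInstance(); // restored
                $max_attempts = $security->getLoginMaxAttempts();

                // A maximum of 0 disables the lockout.
                if ((int) $max_attempts && $login_attempts >= $max_attempts) {
                    ilObjUser::_setUserInactive($usr_id); // restored
                }
            }
        }

        return $this->getContainer()->failedLoginObserver($a_username, $a_auth);
    }

    /**
     * Called after each check auth request; delegates to the container.
     *
     * @param string $a_username
     * @param object $a_auth
     * @return mixed result of the container's checkAuthObserver()
     */
    protected function checkAuthObserver($a_username, $a_auth)
    {
        return $this->getContainer()->checkAuthObserver($a_username, $a_auth);
    }

    /**
     * Called after logout.
     *
     * Logs the call, raises the 'afterLogout' event and delegates to the
     * container.
     *
     * @param string $a_username
     * @param object $a_auth     auth object; getUsername() is called on it
     * @return mixed result of the container's logoutObserver()
     */
    protected function logoutObserver($a_username, $a_auth)
    {
        global $DIC;

        // Not used below; the lookup is kept in case it has side effects.
        $ilLog = $DIC['ilLog'];
        $ilAppEventHandler = $DIC['ilAppEventHandler'];

        ilLoggerFactory::getLogger('auth')->info('Logout observer called for ' . $a_username);

        ilSessionControl::handleLogoutEvent(); // restored

        $ilAppEventHandler->raise(
            'Services/Authentication',
            'afterLogout',
            ['username' => $a_auth->getUsername()]
        );

        return $this->getContainer()->logoutObserver($a_username, $a_auth);
    }

    /**
     * Name recorded by loginObserver() when a login was refused because the
     * account's time limit was exceeded.
     *
     * @return mixed the stored name, or null when none was recorded
     */
    public function getExceededUserName()
    {
        return $this->exceeded_user_name; // restored
    }
}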
An exception for terminating execution or to throw for unit testing.
const AUTH_USER_SIMULTANEOUS_LOGIN
const AUTH_USER_TIME_LIMIT_EXCEEDED
const AUTH_USER_INACTIVE
const AUTH_USER_WRONG_IP
@classDescription Base class for all PEAR and ILIAS auth classes.
initAuth()
Init auth object Enable logging, set callbacks...
getContainer()
Get container object.
setSubStatus($a_sub_status)
Set sub status.
failedLoginObserver($a_username, $a_auth)
Called after failed login.
getSubStatus()
Get sub status.
loginObserver($a_username, $a_auth)
Called after successful login.
supportsRedirects()
Returns true, if the current auth mode allows redirects to e.g the login screen, public section ....
logoutObserver($a_username, $a_auth)
Called after logout.
checkAuthObserver($a_username, $a_auth)
Called after each check auth request.
static getLogger($a_component_id)
Get component logger.
static _updateOldAccess($a_usr_id)
static _resetLoginAttempts($a_usr_id)
static _incrementLoginAttempts($a_usr_id)
static _lookupId($a_user_str)
Lookup id by login.
static _setUserInactive($a_usr_id)
static _getLoginAttempts($a_usr_id)
static _loginExists($a_login, $a_user_id=0)
check if a login name already exists You may exclude a user from the check by giving his user id as 2...
static hasActiveSession($a_user_id, $a_session_id)
Check for simultaneous login.
static _getInstance()
Get instance of ilSecuritySettings.
static handleLogoutEvent()
reset sessions type to unknown
static initSession()
mark session with type regarding to the context.
static handleLoginEvent($a_login, ilAuthSession $auth_session)
when current session is allowed to be created it marks it with type regarding to the sessions user co...
static isProfileIncomplete($a_user, $a_include_udf=true, $a_personal_data_only=true)
Check if all required personal data fields are set.